Re: Spanning Tree for a redundant Network Connection

CyberSafekeeper · ‎08-01-2024

Hi Gents,

simply we will have two a redundant network which will be connected to two different catalyst C9200L switches. The two switches will not be connected. Each switch will connect a LAN network between two NICs on two different devices.

So for Example Machine 1 has NIC A, B will be connected to Machine 2 have NIC A, B through switches A, B

Machine 1 NIC A will be connected to Switch A and then to Machine 2 NIC A.

Machine 1 NIC B will be connected to Switch B and then to Machine 2 NIC B.

Is there any possibility of having a network loop in this case? Do I need to configure STP on the switches?

Update: i have added simple network topology as in the attached file

Thanks in advance

MHM Cisco World · ‎08-01-2024

Can you draw topolgy

Thanks

MHM

CyberSafekeeper · ‎08-01-2024

i have attached a sample drawing for the topology

Pavel Tarakanov · ‎08-01-2024

>Is there any possibility of having a network loop in this case?

If I understand correctly, machines will have two NICs, connected to different switches.

In such case, yes, if, for example, on machine side NICs will be connected in “bridge”, and there are at least two such machines, there will be loop.

>Do I need to configure STP on the switches?

I don't see that you need any special configuration for STP, it will work out-of-box. You can fine tune it with portfast and so on.

CyberSafekeeper · ‎08-01-2024

I need a redundant network path not utilize the best root. they are two different network subnets on two different switches

Joseph W. Doherty · ‎08-01-2024

If all your host NICs don't L2 "bridge", you won't have any intentional L2 loop.

That said, the general recommendation is to always run STP (preferably rapid STP) to mitigate accidental L2 loop creation.

CyberSafekeeper · ‎08-01-2024

how looping may happen if I have two physical NICs with different IPs and MAC addresses. only they connected to the same motherboard

MHM Cisco World · ‎08-02-2024

These machines not VM and dont have and virtual SW ?

You connect using l3 link and you specify IP ?

If above both Q your answer is Yes

Then there is no loop

And to be sure 100% there is no loop can happened

Add

1- portfast and bpduguard in sw port

2- broadcast and multicast limit in sw port

This way even if there is loop the SW port will be go to errdisable

MHM

CyberSafekeeper · ‎08-02-2024

yes both is physical machines "No hypervisor there / Two separate physical ports"

I don't want to add any voting option if option to avoid false positive blocking as it is a critical control network

MHM Cisco World · ‎08-02-2024

One or two ports go to errdisable better than your whole your network down.

Control plane use bpdu to detect loop' and as ypu mention this l3 port so it not send any bpdu' when we add bpduguard if one of machine port forwarding bpdu vai other port then SW detect this bpdu and errdisable port.

If machine not forward bpdu but it forwarding multicast or unknown frame then we put threshold limit this traffic on port' if this limit is pass then port will errdisable.

MHM

Martin L · ‎08-01-2024

if " two switches will not be connected" then there is no look; not L2 loop anyway; what is end point of Machine NICs ? IP address ? or another virtual switch or virtual software lab sim?

Regards, ML
**Please Rate All Helpful Responses **

CyberSafekeeper · ‎08-01-2024

i have attached a sample network topology drawings which specify the desired Network